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1 Title of the Invention 

Method and Apparatus of provisioning global connectivity to roaming netw 
orks 



2 Claims 

1. A method of provisioning global connectivity to roaming networks, 
used in an internetworking of packet-switched data communications networ 
ks, wherein network elements in the communications networks are uniquely 
addressed by a primary global address such that the network element can 
be reached even when it is roaming anywhere in the communication networ 
ks, whereas the network elements that are roaming within the communicati 
ons networks can be additionally assigned with a temporary global addres 
s for a duration of which the roaming network element is attached to a s 
ingle access router, through which the roaming network element gains acc 
ess to a global data communications network, coirg)rising the step of send 
ing a Binding Updates message from the roaming network element to a sing 
ular or plural other network elements, wherein the Binding Update messag 
e contains the primary global address and the tenrporary global address o 
f the sending roaming network element, for which the objective is to all 
ow the receiving network elements relate the specified temporary global 
address to the specified primary global address, and further contains th 
e primary global address of the access router to which the roaming netwo 
rk element is currently attached. 

2 The method of provisioning global connectivity to roaming networks 
according to claim 1, wherein the network element in the internetworking 
of packet-switched data communications networks attaches a data format 
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onto the Binding Update message in order to insert the primary global ad 
dress of the access router to which the roaming network element is attac 
hed in the Binding Update message, the data format comprising: 

i. a type field to identify the data format as containing the prima 
ry global address of the access router to which the sender is attached; 

ii. a length field to specify a length of the data format; and 

iii. an access-router-address field to contain the primary global a 
ddress of the access router to which the sender is attached. 

3 The method of provisioning global connectivity to roaming networks 
according to claim 1, wherein the access router in the internetworking o 
f packet-switched data communications networks attaches a data format on 
to advertisement messages sent to advertise its service as the access ro 
uter in order to insert its primary global address in the advertisement 
messages, the data format coBoprising: 

i. a type field to identify the data format as containing the prima 
ry global address of the sender; 

ii. a length field to specify a length of the data format; and 

iii. an access-router-address field to contain the primary global a 
ddress of the sender. 

4 A method of provisioning global connectivity to roaming networks, u 
sed between a plurality of the network elanents in the internetworking o 
f packet-switched data communications networks, wherein one of the netwo 
rk elements is roaming in the internetworking of packet-switched data co 
mraunications networks, con5>rising the steps of: 

i. sending a Binding Update message from the roaming network elemen 
t to another network element, wherein the Binding Update message contain 
s a pre-determined primary global address and a temporary global address 
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additionally assigned of the sending roaming network element, for which 
the objective is to allow the receiving network element relates the spe 

cif ied temporary global address to the specified primary global address, 
and further contains the primary global address of an access router to 

which the roaming network element is currently attached, and; 

ii. replying from the recipient of the Binding Update message to th 

e roaming network element with a Binding Acknowledgement message, wherei 

n the Binding Update message contains information on whether the Binding 
Update message is accepted or rejected, and further contains an indicat 
ion the presence of which serves to inform the recipient of the Binding 

Acknowledgement message that the sender of the Binding Acknowledgement m 
essage can understand and can take appropriate action on the inclusion o 
f the primary global address of the access router in the Binding Update 
message. 

5 The method of provisioning global connectivity to roaming networks 
according to claim 1, wherein a network entity can record the Binding Up 
date message in Binding Entries when the network entity received the Bin 
ding Update message, the Binding Entries consisting of the following fie 
Ids: 

i. Home-Address field, which contains the primary global address of 
the roaming network element; 

ii. Care-Of-Address field, which contains the ten?)orary global addr 
ess of the roaming network element; and 

iii. Access-Router-Address field, which contains the primary global 
address of the access router to which the roaming network element is at 

tached. 

6 A method of provisioning global connectivity to roaming networks ac 
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cording to claim 5, which the network entity performs to update the Bind 
ing Entries when the network entity received the Binding Update message, 
coinprising the steps of: 

i. checking if the Binding Entries contains an entry with the Home- 
Address field equal to the primary global address specified in the recei 
ved Binding Update message, and creating a new entry if one is not found 

t 

ii. deleting the entry in the Binding Entries which has the Home-Ad 
dress field equal to the primary global address specified in the receive 
d Binding Update message if it does not contain any information on the t 
eniporary global address of the sender of the Binding Update message; 

iii. deleting the entry in the Binding Entries which has the Home-A 
ddress field equal to the primary global address specified in the receiv 
ed Binding Update message if the information on the temporary global add 
ress contained in the Binding Update message equal to the Home-Address f 
ield in the entry; 

iv. setting the Care-of-Address field of the entry to the temporary 
global address specified in the received Binding Update message, if the 

re is the temporary global address contained in the received Binding Upd 
ate message and its value is not the same as the Home-Address field in t 
he entry; 

V. setting the Access-Router-Address field of the entry to the prim 
ary global address of the access router specified in the Binding Update 
message if there is one; and 

vi. setting the Access-Router-Address field of the entry to be inva 
lid if the received Binding Update message does not contain any informat 
ion on the primary global address of the access router. 

7 The method of provisioning global connectivity to roaming networks 
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according to claim 5, which the network element performs to construct a 
routing header attached to a data packet, wherein the routing header is 
used to instruct the network element addressed by the destination addres 
s specified in the packet to forward the packet to another destination, 
comprising the steps of: 

i. initialising a last-in-first-out data structure to be empty and 
a temporary variable to store the primary global address of a final dest 
ination of the packet; 

ii. finding an entry in the Binding Entries wherein the Home-Addres 
s field of the entry contains the same address stored in the afore-menti 
oned temporary variable; 

iii. storing the value in the temporary variable to the top of the 
last-in-first-out data structure if the value equals to the primary glob 
al address of the final destination of the packet in case that the entry 

in the Binding Entries is found; 

iv. storing the value contained in the Care-of -Address field of the 
entry in the temporary variable in case that the entry in the Binding E 

ntries is found; 

V. storing the value in the temporary variable to the top of the la 
st-in-f irst-out data structure and then storing the value in the Access- 
Router-Address field of the entry to the temporary variable in case that 
the entry in the Binding Entries is found, 

vi. repeating the steps (ii), (iii), (iv) and (v) if the Access-Rou 
ter-Address field of the entry is valid; 

vii. repeatedly removing the top value in the last-in-first-out dat 
a structure and appending the removed value to the routing header attach 
ed to the data packet until the last-in-first-out data structure is empt 
y in case that the entry in the Binding Entries is found or the Access-R 
outer-Address field of the found entry is not valid; and 
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viii* setting the destination address of the data packet to the val 
ue stored in the temporary variable. 

8 Hie method of provisioning global connectivity to roaming networks 
according to claim 1, further comprising the step of inserting a unique 
signal on a data packet to request the access router to which the networ 
k element is attached, to forward the data packet sent by the network el 
ement directly to the destination specified in the data packet. 

9 The method of provisioning global connectivity to roaming networks 
according to claim 1, further comprising the step of invalidating the un 
ique signal defined in claim 8 on a data packet to prevent subsequent in 
termediate routers to forward the data packet directly to the destinatio 
n specified in the data packet. 

10 The method of provisioning global connectivity to roaming networks 
according to claim 8, which an intermediate network element in the inte 

metworking of packet-switched data communications networks performs to 
process a data packet received from its ingress interface, wherein the i 
ntermediate network element serves as a router bridging a singular or pi 
ural local data communication networks in its ingress interface to the i 
nternetworking of packet-switched data communications networks in its eg 
ress interface, con5)rising the steps of: 

i. forwarding the received packet if the intermediate network eleme 
nt is not roaming in the internetworking of packet-switched data communi 
cations networks; 

ii. encapsulating the received packet in another newly created pac 
ket to be send to a specific network element in the internetworking of p 
acket-switched data communications networks, where the specific network 
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element will extract the original data packet from the newly created pac 
ket and forward it to the destination, if the received packet does not c 
ontain any unique signal or if the unique signal is invalidated, in case 

that the intermediate network element is roaming in the internetworking 

of packet-switched data communications networks and assigned the tempor 
ary global address; 

iii. encapsulating the received packet in another newly created pac 
ket to be send to the specific network element in the internetworking of 

packet-switched data communications networks, where the specific networ 
k element will extract the original data packet from the newly created p 
acket and forward it to the destination, if a source address specified o 
n the received packet is not a valid address in the local network of the 
ingress interface of the intermediate network element, in case that the 
intermediate network element is roaming in the internetworking of packe 

t-switched data communications networks and assigned the temporary globa 

1 address; 

iv. encapsulating the received packet in another newly created pack 
et to be send to the specific network element in the internetworking of 
packet-switched data communications networks, where the specific network 
element will extract the original data packet from the newly created pa 
cket and forward it to the destination, if the destination address speci 
f ied on the received packet has not been sent any Binding Update message 
by the intermediate network element, wherein the Binding Update message 
contains the primary global address and the current temporary global ad 
dress of the intermediate network element in case that the intermediate 
network element is roaming in the internetworking of packet-switched dat 
a communications networks and assigned the temporary global address, ; an 
d 

V. changing the source address of the received packet to the tempor 
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ary global address of the intermediate network element and then forwardi 
ng the received packet to the specified destination, if the received pac 
ket contains the unique signal, and if the source address specified on t 
he received packet is a valid address in the local network of the Ingres 
s interface of the intermediate network element, and if the destination 
address specified on the received packet has previously been sent the Bi 
nding Update message by the intermediate network elanent, \rtierein the Bi 
nding Update message contains the primary global address and the current 

temporary global address of the intermediate network element in case th 
at the intermediate network element is roaming in the internetworking of 

packet-switched data communications networks and assigned the tonporary 

global address. 

11 The method of provisioning global connectivity to roaming networks 
according to claim 5, which the network element in the internetworking 
of packet-switched data communications networks performs to verify if a 
source address specified in a received data packet addressed to the netw 
ork element is legitimate, wherein the received data packet contains inf 
ormation on the primary global address of the access router, to vhich th 
e originator of the received packet is attached, that is different from 
the source address specified in the received data packet, comprising the 

steps of: 

i. initialising a temporary variable to store the primary global ad 
dress contained in the received data packet; 

ii. declaring the source address to be legitimate, if the value sto 
red in the temporary variable equals to the source address specified in 
the data packet; 

iii. searching for an entry in the Binding Entries with the value i 
n the Home-Address field equal to the value stored in the temporary vari 
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able in case that the value stored in the temporary variable does not eq 
ual to the source address specified in the data packet; 

iv. declaring the source address to be illegitimate if an entry in 
the Binding Entries with the value in the Home-Address field equal to th 
e value stored in the ten5)orary variable cannot be found in case that th 
e value stored in the ten?)orary variable does not equal to the source ad 
dress specified in the data packet, ; 

V. declaring the source address to be legitimate if the Care-of-Add 
ress field of an entry in the Binding Entries contains a value equal to 
the source address specified in the data packet in case that an entry in 
the Binding Entries is found; 

vi. declaring the source address to be illegitimate if the Access-R 
outer-Address field of the entry is invalid in case that an entry in the 

Binding Entries is found and the Care-of-Address field of the entry con 
tains a value not equal to the source address specified in the data pack 
et; 

vii. storing the contents in the Access-Router-Address field of the 
entry in the tenporary variable in case that an entry in the Binding En 

tries is found and the Care-of-Address field of the entry contains a val 
ue not equal to the source address specified in the data packet; and 

vili repeating the steps (iii), (iv), (v), (vi), and (vii) if the A 
ccess-Router-Address field of the entry is valid. 

12 The method of provisioning global connectivity to roaming networks 
according to claim 1, to send a data packet containing a routing header 

, herein the method is used after a successful reception of the Binding 
Update message containing the primary global address of the access rout 

er to which the sender of the Binding Update message is attached, compri 

sing the steps of: 
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i. setting the source address of the data packet to be the primary 
global address of the access router; and 

ii. setting the routing header to contain only the temporary global 
address and primary global address of the sender of the Binding Update 

message. 

13 The method of provisioning global connectivity to roaming networks 
according to claim 1, to send a data packet containing a routing header 

, herein the method is used after a successful reception of the Binding 
Update message containing the primary global address of the access rout 

er to which the sender of the Binding Update message is attached, conpri 

sing the steps of: 

i. setting the source address of the data packet to be the primary 
global address of the access router; and 

ii. setting the routing header to contain the temporary global addr 
ess of the sender of the Binding Update message as a first entry. 

14 The method of provisioning global connectivity to roaming networks 
according to claim 1, to send a data packet containing a routing header 

wherein the method is used after a successful reception of a first Bin 
ding Update message which is sent by the network element, the first Bind 
ing Update message containing the primary global address of the access r 
outer to which the sender of the Binding Update message is attached, and 

after a successful reception of a second Binding Update message which i 
s sent by the access router, the second Binding Update message containin 
g the temporary global address of the access router, comprising the step 
s of: 

i. setting the source address of the data packet to be the tenqwrar 
y global address of the access router; and 
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ii. setting the routing header to contain the temporary global addr 
ess and primary global address of the sender of the first Binding Update 
message. 

15 The method of provisioning global connectivity to roaming networks 
according to claim 1, to send a data packet containing a routing header 
, wherein the method is used after a successful reception of a first Bin 
ding Update message which is sent by the network element, the first Bind 
ing Update message containing the primary global address of the access r 
outer to which the sender of the Binding Update message is attached, and 
after a successful reception of a second Binding Update message which i 
s sent by the access router, the second Binding Update message containin 
g the temporary global address of the access router, comprising the step 
s of: 

i. setting the source address of the data packet to be the tenporar 
y global address of the access router; and 

ii. setting the routing header to contain the temporary global addr 
ess of the sender of the first Binding Update message as a first entry. 

16 The method of provisioning global connectivity to roaming networks 

according to claim 1, to send a data packet containing a routing header 
, wherein the method is used after a successful reception of a first Bin 
ding Update message which is sent by the network element, the first Bind 
ing Update message containing the primary global address of the access r 
outer to which the sender of the Binding Update message is attached, and 

after a successful reception of a second Binding Update message which i 
s sent by the access router, the second separate Binding Update message 
containing the temporary global address of the access router, conprising 

the step of setting the routing header to contain the temporary global 
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address of the sender of the first Binding Update message and the tempor 
ary global address of the access router, wherein the teniporary address o 
f the access router appears immediately before the temporary global addr 
ess of the sender of the first Binding Update message in the routing hea 
der. 

17 The method of provisioning global connectivity to roaming networks 
according to claim 8, wherein the network element is roaming in the int 
emetworking of conmuni cat ions network and is serving as a router bridgi 
ng a singular or plural local data communication networks in its ingress 
interface to the internetworking of packet-switched data communications 
networks in its egress interface, after receiving a data packet from it 
s ingress interface, wherein the data packet contains the unique signal, 
comprising the steps of I 

i. changing a source address of the data packet to its temporary gl 

obal address; and 

ii. forwarding the data packet to its egress interface. 

18 An apparatus used by a network elai^t in the internetworking of p 
acket-sw itched data communications networks defined in claim 1, comprisi 
ng means for executing the foUowings: 

i. the method of utilizing the Binding Entries as defined in claim 

5; 

ii. the method of updating the Binding Entries as defined in claim 

6; 

iii. the method of inserting an indication in a Binding Acknowledge 
ment message, wherein the presence of such an indication serves to infor 
m the recipient of the Binding Acknowledgement message that the sender c 
an understand and can take appropriate action on the inclusion of the pr 
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imary global address of the access router in the Binding Update message, 
as defined in claim 4; 

iv. the method of checking the source address of a data packet as d 
ef ined in claim 8; and 

V- the method of constructing a routing header, as defined in any o 
ne of claims 7, 13, 14, 15, and 16. 

19 An apparatus used by a network element in the internetworking of p 
acket-switched data communications networks defined in claim 1, wherein 
the network element is roaming in the internetworking of communications 
network, comprising means for executing the followings: 

i. the method of utilizing the Binding Entries as defined in claim 

5; 

ii. the method of updating the Binding Entries as defined in claim 

6: 

iii. the method of inserting an indication in a Binding Acknowledge 
ment message, wherein the presence of such an indication serves to infor 
m the recipient of the Binding Acknowledgement message that the sender c 
an understand and can take appropriate action on the inclusion of the pr 
imary global address of the access router in the Binding Update message, 

as defined in claim 4; 

iv. the method of checking the source address of a data packet as d 
efined in claim 11; 

V. the method of constructing a routing header, as defined in claim 

7; 

vi. the method of inserting a signal on a data packet to request th 
e access router to which the network element is attached, to directly fo 
rward the data packet directly to the destination specified in the data 
packet, as defined in claim 8; and 
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vii. the method of inserting the primary global address of the acce 
•ss router to which the network element is attached in the Binding Update 
message, as defined in claims 1 and 2. 

20 An apparatus used by a network element in the internetworking of p 
acket-sw itched data communications networks defined in claim 1, wherein 
the network element is roaming in the internetworking of communications 
network and is serving as a router bridging a singular or plural local d 
ata communication networks in its ingress interface to the internetworki 
ng of packet-switched data communications networks in its egress interfa 
ce, conprising means for executing the foUowings: 

i- the method of attaching information of the primary global addres 
s of the network element in advertisement messages as defined in claim 3 

9 

ii. the method of utilizing the Binding Entries as defined in claim 

5; 

iii. the method of updating the Binding Entries as defined in claim 

6; 

iv. the method of inserting an indication in a Binding Acknowledgem 
ent message, wherein the presence of such an indication serves to inform 

the recipient of the Binding Acknowledgement message that the sender ca 
n understand and can take appropriate action on the inclusion of the pri 
mary global address of the access router in the Binding Update message, 
as defined in claim 4; 

V- the method of checking the source address of a data packet as de 
fined in claim 11; 

vi. the method of constructing a routing header, as defined in clai 

m 7; 

vii. the method of inserting a signal on a data packet to request t 
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he access router to which the network element is attached, to directly f 
orward the data packet directly to the destination specified in the data 
packet, as defined in claim 8; 

viii. the method of inserting the primary global address of the acc 
ess router to which the network element is attached in a Binding Update 
message, as defined in claims 1 and 2; and 

ix. the method of processing data packet arriving from the ingress 
interface of the network element to be forwarded to the egress interface 

of the network element, as defined in claims 10 and 17. 

3 Detailed Description of Invention 
Industrial Field of Utilisation 

The invention relates to the delivering of packets in the internetwork 
ing of packet-switched data communications networks. In particular, the 
disclosed invention addressed problems in the provisioning of connect iv 
ity to a network of nodes that is constantly changing its point of attac 
hment to the global data communications network. This invention can be 
viewed as an enhancement to existing solutions for provisioning global c 
onnectivity to roaming hosts. 

Background and Prior Art 
Disclosure of Information on prior art documents 
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works (MONET) Problem Statement and Scope", Internet Draft: draft-sol ima 
n-monet-statement-00. txt, Feb 2002, Work In Progress. 

[Non-patent document 2] Ernst, T. , and Lach, H. , "Network Mobility S 
upport Requirements", Internet Draft: draft-ernst-monet-requirements-00. 
txt, Feb 2002, Work In Progress. 

[Non-patent document 3] Lach, H. et. al., "Mobile Networks Scenarios 
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[Non-patent document 14] Narten, T. , Nordmark, E. , and Simpson, W. , 

"Neighbour Discovery for IPv6", IETF RFC 2461, Dec 1998. 
The Internet today has evolved to a stage where numerous peripheral da 
ta communications networks are deployed around a system of fixed network 

nodes. These peripheral networks are suitably known as edge networks; 
^ereas the system of fixed network nodes surrounded by the edge network 
s are known as the core. With the emergaice and proliferation of wirele 
ss technology, more and more of these edge networks are en5)loying wirele 
ss solution, thus forming a special edge network called mobile networks, 

or network in motion [Non-patent document 1,2,3,4]. 

In essence, a mobile network is a network of nodes where the entire ne 
twork changes its point of attachment to the Internet. This usually ent 
ails a mobile router (which bridge the mobile network to the Internet) i 
n the mobile network that changes its point of attachment to the Interne 
t between different access routers (^ich may, in fact, be mobile themse 
Ives). Examples of mobile networks include networks attached to people 
(known as Personal Area Network, or PAN) and networks of sensors deploye 
d in vehicles such as cars, trains, ships or aircrafts. For mass transp 
ort systems such as airplanes, trains, or buses, the operators may provi 
de passengers with permanent on-board Internet access allowing them to u 
se their laptops. Personal Digital Assistants (PDA), or mobile phones to 

connect to remote hosts. Individual nodes in such a mobile network are 

usually connected to a central device (i.e. the mobile router), and do 
not change their attachment when the network is in motion. Instead, it 
is the mobile router that changes its point of attachment as the network 

moves in entirety. 

This invention describes a proposed solution for the problem of networ 
k in motion. In essence, the problem of network in motion is to provide 
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continuous Internet connectivity to nodes in a network that moves as a 
whole. Nodes within the network that moves may not be aware of the netw 
ork changing its point of attachment to the Internet. This differs from 
the traditional problem of mobility support as addressed by Mobile IPv4 
[Non-patent document 5] in Internet Protocol version 4 (IPv4) [Non-pate 
nt document 6] and Mobile IPv6 [Non-patent document 7] in Internet Proto 
col version 6 (IPv6) [Non-patent document 8]. In [Non-patent document 5 
,7], the main objective is to provide mobility support to individual hos 
ts rather than an entire network. 

In Mobile IP, each mobile node has a permanent home domain. When the 
mobile node is attached to its home network, it is assigned a permanent 
global address known as a home-address. When the mobile node is away, i 
.e. attached to some other foreign networks, it is usually assigned a te 
mporary global address known as a care-of -address. The idea of mobility 
support is such that the mobile node can be reached at the home-address 
even ^en it is attached to other foreign networks. This is done in [N 
on-patent document 5,7] with an introduction of an entity at the home ne 
twork known as a home agent. Mobile nodes register their care-of -addres 
ses with the home agents using messages known as Binding Ifedates. The h 
ome agent is responsible to intercept messages that are addressed to the 
mobile node's home-address, and forward the packet to the mobile node's 
care-of -address using IP-in-IP Tunnelling [Non-patent document 9,10]. 
IP-in-IP tunnelling involves aicapsulating an original IP packet in anot 
her IP packet. The original packet is sometimes referred to as the inne 
r packet, and the new packet that encapsulates the inner packet is refer 
red to as the outer packet. 

Extending the concept of mobility support for individual hosts to mobi 
lity support for a network of nodes, the objective of a network in motio 
n solution is to provide a mechanism where nodes in a mobile network can 
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be reached by their permanent addresses, no matter where on the Interne 
t the mobile network is attached to. There exist a few prior attempts t 
o solve the network in motion problem, all of them are based on Mobile I 
P [Non-patent document 5,7]. 

One proposed solution for network in motion is the Mobile Router Sus>po 
rt [Non-patent document 11]. Here the mobile router controlling a mobi 
le network performs routing of packets to and from the mobile network us 
ing some routing protocols when it is in its home domain. When the mobi 
le router and its mobile network move to a foreign domain, the mobile ro 
uter registers its care-of -address with its home agent. An IP-in-IP tun 
nel is then set up between the mobile router and the home agent. The ro 
uting protocol used when the mobile router is at its home domain is agai 
n performed over the IP-in-IP tunnel. This means that every packet go in 
g to the mobile network will be intercepted by the h<Me agent and forwar 
ded to the mobile router throu^ the IP-in-IP tunnel. The mobile router 

then forwards the packet to a host in its mobile network. When a node 
in its mobile network wishes to send a packet out of the network, the mo 
bile router intercepts the packet and forwards the packet to the home ag 
ent through the IP-in-IP tunnel. The home agent then sends the packet o 
ut to the intended recipient. 

Another solution proposed in [Non-patent document 12] is an extension 
of Mobile Router Support [Non-patent document 11]. It involves the use 
of a Reverse Routing Header to avoid having too many levels of encapsula 
tion when mobile network get nested (i.e. a mobile network attaching its 
elf to another mobile network). Here, the lowest level mobile network s 
et up a Reverse Routing Header in its tunnel packet to its home agent. 
As high-level mobile routers intercept this tunnel packet on its way, th 
e higher-level mobile router does not encapsulate this packet into anoth 
er IP-in-IP tunnel. Instead, the hi^-level mobile router copies the so 
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urce address in the packet to the Reverse Routing Header, and put its ow 
n care-of -address as the source address. In this way, when the home age 
nt of the first mobile router receives the packet, it can determine the 
chain of mobile routers that is in the path between the first mobile rou 
ter and itself. Subsequently when the home agent wishes to forward anot 
her intercepted packet for the first mobile router, it can include a Rou 
ting Header [Non-patent document 8] so that the packet is directly sent 
to the first mobile router via other high-level mobile routers. 

A third solution for the network in motion problem is proposed in [Non 
-patent document 13], known as the Prefix Scope Binding Update. Here, t 
he solution proposed to add to the Binding Update sent by mobile routers 
the information on the prefix of the mobile network. In this way, home 
agents can deduce that any nodes with a prefix equal to that specified 
in the Binding Updates are attached to the mobile router. Hence, the ho 
me agent can forward packets destined to these nodes to the mobile route 
r. 

Problems to be solved 

In [Non-patent document 11], the use of IP-in-IP tunnelling suffers fr 
om what is known as route triangulation. This happens when a packet fro 
m one node to another node needs to pass through a third party (in this 
case, the home agent) that is not situated on the shortest path between 
the source and destination. The effect of route triangulation is compou 
nded when mobile networks are nested. For exanple, consider a packet f 
rom a mobile network that needs to be forwarded through three mobile rou 
ters. Using the solution proposed in [Non-patent document 11], the pack 
et will have to be encapsulated in three different tunnels, where each t 
unnel is directed to different home agents of the different mobile route 
rs. Not only does this multiple tunnel lings cause considerable delays t 



£hiE#2 003-3102464 




0 the delivery of the packet, it also increases the probability of the p 
acket "being fragmented en route, since encapsulation increases the overa 
11 packet size. Reassembly of fragmented packets introduces additional 
processing delays, and may result in the entire packet being discarded i 
f one of the fragments gets lost on its way. 

The solution proposed in [Non-patent document 12] attenrpts to solve th 
is problem by avoiding multiple tunnels. In this solution, only the fir 
St mobile router needs to set up an IP-in-IP tunnel with its home agent. 

Subsequent mobile routers will not further encapsulate the packet. In 
stead, these routers record the original source address in a Reverse Rou 
ting Header, change the source address to their own care-of -addresses, a 
nd forward the packet to its destination without going through their hom 
e agents. Although this solution solves the multiple tunnels problem in 
a very efficient manner, it is very difficult for home agents to verify 
that the list of addresses recorded in the Reverse Routing Header is au 
thentic. It is crucial for the home agents to be able to establish that 
the addresses recorded in the Reverse Routing Header are legitimate, si 
nee [Non-patent document 12] requires that home agent to make use of the 
list of addresses in a Reverse Routing Header to construct a Routing He 
ader to forward any packet directly to the mobile router. The solution 
in [Non-patent document 12] does not provide any remedies to the securit 
y threats a Reverse Routing Header is eaposed to. 
Another simple solution to solve the problem of multiple tunnelings is 
to allow subsequent mobile routers to forward the outer packets di recti 
y to their specified destination (instead of encapsulating them in an ad 
ditional level of tunnelling through the home agents of the subsequent m 
obile routers). This, however face the same security problem, since the 
recipient cannot verify that the outermost packet came from legitimate 
sources. 
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Means for Solving the Problems 

To solve the problem listed in section 3.3, the present invention ewpl 
oys a mechanism for mobile network elements to pass information to their 

home agents or other corresponding nodes about the access routers the m 
obile nodes are attached to. Using this information, home agents or cor 
responding nodes can construct a routing header to send packets directly 

to the mobile nodes without incurring additional penalties of route tri 
angulations. Because information about the routers the mobile nodes att 
ached to are passed by the mobile nodes themselves, the authenticity of 
the information is automatically established. 

In addition, since the home agents or other corresponding nodes receiv 
ed information about the routers the mobile nodes attached to, they can 
verify that packets arriving from a tunnel with the outer source address 

to be one of the access routers came from legitimate sources. Thus, mo 
bile routers can now directly forward outer packets directly to the spec 
if ied destinations, since it is now possible for recipients to verify th 
e authenticity of the forwarding routers. 

Operation of the Invention 

This invention involves the internetworking of packet-switched data ne 
tworks. Some of these networks are moving, such that the router control 
ling the egress interfaces of the said network changes it point of attac 
hment. This invention provides extension to existing solutions for prov 
isioning of global connectivity to roaming hosts, so that global connect 
ivity to roaming networks can also be achieved. 

Hiis invention disclosed several algorithms to be employed in three ma 
in types of nodes. These are the mobile hosts that change their points 
of attachment to the global data communications network, the mobile rout 
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ers that control the egress interfaces of moving networks, and other hos 
ts on the global data communications network that communicates with mobi 
le hosts and mobile routers. With these algorithms fully deployed, pack 
ets to and from moving networks can be delivered to their intended desti 
nations with minimal latency. 

Embodiments 

A method for provisioning global connectivity to roaming network is di 
sclosed in this section. To help understand the disclosed invention, the 
following definitions are used: 

* A "packet" is a self-contained unit of data of any possible format tha 
t could be delivered on a data network. A "packet" normally consists o 
f two portions: a "header" and a "payload" portion. The "pay load" porti 
on contains data that are to be delivered, and the "header" portion cont 
ains information to aid the delivery of the packet. A "header" must hav 
e a source address and a destination address to respectively identify th 
e sender and recipient of the "packet". 

* A "packet tunnelling" refers to a self-contained packet being encapsul 
ated into another packet. The act of "packet tunnelling" is also referr 
ed to as "encapsulation" of packets. TTie packet that is being encapsul a 
ted is referred to as the "tunnelled packet" or "inner packet". Hie pac 
ket that encapsulates the "inner packet" is referred to as the "tunnel li 
ng packet" or "outer packet". Here, the entire "inner packet" forms the 

payload portion of the "outer packet". 

* A "mobile node" is a network element that changes its point of attachm 
ent to the global data communications network. It may be used to refer 
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to an end-user terminal, or an intermediate network element that serves 
as a gateway, a router, or an intelligent network hub that can change it 
s point of attachment to the global data communications network. The "m 
obile node" that is an end-user terminal is more specifically referred t 
o as a "mobile host"; whereas the "mobile node" that is an intermediate 
network element that serves as a gateway, a router, or an intelligent ne 
twork hub is more specifically referred to as a "mobile router". 

* An "access router" of a mobile node is a network element that serves a 
s a gateway, a router, or an intelligent network hub to which the said m 
obile node attaches in order to gain access to the global data communica 
tions network throu^ the said network element. 

* A "home-address" is a primary global address assigned to a mobile node 
that can be used to reach the mobile node regardless of where on the gl 

obal data communications network the mobile node is currently attached t 
o. 

* A mobile node that is attached to the global data communications netwo 
rk where its home-address is topological ly compatible with the addresses 

used in the vicinity of the point of attachment is referred to as "at h 
ome". The vicinity of this point of attachment that is controlled by a 
single administrative authority is referred to as the "home domain" of t 
he mobile node. 

* A mobile node that is attached to the global data communications netwo 
rk at a point where the home-address of the said mobile node is topologi 
cally incompatible with the addresses used in the vicinity of that point 

of attachment is referred to as "away", and the vicinity of the said po 
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int of attachment is referred to as the "foreign domain". 

* A "care-of-address" is a temporary global address assigned to a mobile 
node that is away such that the assigned "care-of-address" is topologic 

ally compatible with the addresses used in the vicinity of the mobile no 
de's point of attachment to the global data communications network. A " 
care-of-address" is typically only valid for the period of time when the 
mobile node is attached to the same access router. 

* A "home agent" is a network entity that resides at the home domain of 
a mobile node that performs registration services of care-of-addresses o 
f the mobile node ^en it is away, and to forward packets addressed to t 
he home-address of the mobile node to the care-of-address of the mobile 
node. 

* A "corresponding node" refers to any network element that is on the gl 
obal data communications network to which a mobile node is communicating 

with. 

* A "Binding Update" is a message sent from a mobile node to its home ag 
ent or a corresponding node that informs the recipient the current care- 
of-address of the sender. This forms a "binding" between the care-of-ad 
dress and the home-address of the mobile node at the recipient. 

* A "Binding Acknowledgement" .is a message sent from a recipient of the 
Binding Update message to the sender of the said Binding Update message, 

indicating the results of the binding. 

* A "routing header" refers to a piece of information that is attached t 
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o a packet that instructs intermediate routers in a global data communic 
at ions network where the packet should be forwarded to. Ordinarily, rou 
ters in a global data communications network will forward packets based 
on the destination. A "routing header" overwrites that behaviour by con 
taining a list of intermediate destinations. To use a "routing header", 
a sender puts the address of the intended recipient in the last entry o 
f the routing header, and places the first intermediate destination in t 
he destination address of the packet. The first destination, upon rece 
iving the packet, will update the packet with the "routing header" such 
that the packet will then be forwarded to the second intermediate destin 
at ion (i.e. the destination address of the packet is swapped with the ne 
xt entry in the "routing header"). The cycle repeats until the last int 
ermediate destination is reached, where the "routing header" is updated 
such that the packet is now forwarded to the actual intended destination 
, Readers are referred to [Non-patent document 8] for a more detai led e 
xplanation of the operation of a "routing header". 

* Any network elCTient that supports or inplements the methods and mechan 
isms disclosed in this invention is referred to as an "invention-enabled 
" network element. 

In the following description, for purpose of explanation, specific num 
bers, times, structures, and other parameters are set forth in order to 
provide a thorough understanding of the present invention. However, it 
will be apparent to anyone skilled in the art that the present invention 
may be practiced without these specific details. 

In order for the disclosed invention to co-exist in a global data comm 
unications network that contains network elements which may not support 
methods and mechanisms disclosed in this invention, any invention-enable 
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d router must indicate that they are capable of using methods and mechan 
isms disclosed in this document. This may be accomplished by inserting 
a unique signal into messages that routers occasionally broadcast to the 
ir neighbours. Anyone skilled in the art should be able to recognize va 
rious existing methods where a network element can notify other network 
nodes their capabilities. In addition, it should also be possible for a 
ny mobile nodes that attached themselves to a network segment controlled 
by a mobile router to learn the home-address of the said mobile router 
via the specified broadcast messages from the said mobile router. 
For example, in the context of Internet Protocol version 6 [Non-patent 
document 8], a Home-Address Option can be inserted into the Router Adve 
rtisement Message specified in IPv6 Neighbor Discovery [Non-patent docum 
ent 14] sent by an invention-enabled router to advertise its home-addres 
s. The Home-Address Option should contain the following fields: (1) a t 
ype field to identify this option as the Home-Address Option, (2) a leng 
th field to indicate the size of this option, and (3) a home-address fie 
Id to specify the home-address of the sender, as recited in claim 3. 
From the broadcast message sent by invention-enabled routers, a mobile 
node can then include the home-address of the access router the mobile 
node attached to in Binding Updates sent by the mobile node, as recited 
in claim I. This should be done only when the access router is inventio 
n-enabled. Such an information can be embedded in a Binding Update mes 
sage in various possible different ways, depending on the underlying pro 
tocol the global data communications network used. For example, in the 
context of Internet Protocol version 6 [Non-patent document 8], an Acces 
s-Router-Address Option can be inserted into the Binding Update Message 
defined in Mobile IPv6 [Non-patent document 7]. Such an option should c 
ontain the following fields: (1) a type field to identify this option as 
the Access-Router-Address Option, (2) a length field to indicate the si 
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ze of this option, and (3) an access-router-address field to specify the 
home-address of the access router the send is attached to, as described 
in claim 2. 

When an invention-enabled recipient, which may be the home agent of th 
e mobile node or a corresponding node, received this Binding Update, the 
recipient can record this in a table or a list. Entries in such a tabl 
e or list, hereafter referred to as Binding Entries, should at least con 
tain the following three fields: 

(1) a home-address field containing the home-address of mobile node; (2) 

a care-of-address containing the care-of-address of mobile node; and (3 
) an access-router-address field containing the home-address of access r 
outer, as recited in claim 5. The values of these three fields can be e 
xtracted from a Binding l^date message. 

Figure 1 illustrates the algorithm used to update the Binding Entries 
when an invention-enabled network element receives a Binding Update mess 
age, as recited in claim 6. In the step marked with literal 101, an ent 
ry is searched within the Binding Entries for which the home-address-f ie 
Id equals to the home-address in the Binding Update message. If none is 

found, a new entry is created, as shown in the steps marked with litera 
Is 102 and 103. If the Binding Update message does not contain any care 
-of-address, or if the care-of-address equals to the home-address, it is 

assumed that the sender of the Binding Update has returned to its home 
domain, and thus the entry is deleted from the Binding Entries, as shown 

in the steps marked with literals 104, 105. and 106. Else, the care-of 
-address field in the entry is updated to the care-of-address specified 
in the Binding Update message, as shown in the step marked with literal 
107. If the Binding Update message includes a hcwie-address of access ro 
uter, the access-router-address field in the entry is updated, as shown 
in the steps marked with literals 108 and 109. Otherwise, it is assumed 
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that the sender of the Binding Update is currently attached to an acces 
s router that is not invention-enabled. In this case, the access-route 
r-address field is marked to be invalid, as shown in the step marked wit 
h literal 110. 

A sender of the Binding Update can optionally request for a Binding Ac 
knowledgement. This allows the recipient of the Binding Update to infor 
m the sender the result of the update. When an invention-enabled recipi 
ent of a Binding Update that contains a valid access-router-address info 
rmation replies with a Binding Acknowledgement, it should marked the Bin 
ding Acknowledgement in such a way that the recipient of the Binding Ack 
nowledgement can deduce that the sender of the Binding Acknowledgement i 
s invention-enabled, with reference to claim 4. It should be apparent t 
o anyone skilled in the art that such a marking can be achieved in vario 
us ways, including, but not limited to, a bit flag or a specific pattern 

of a bit stream in the Binding Acknowledgement. 

Using the Binding Entries, the corresponding node or home agent can co 
nstruct a routing header to reach the mobile node directly. The rout in 
g header can be constructed such that the packet will be first forwarded 

to the access router's home-address, then to the care-of -address of the 

mobile node. In this way, the packet does not have to traverse to the 
home domain of the mobile node and get intercepted by the home agent who 
m then forwards the packet to the mobile node at its care-of -address. 

If the access router itself is mobile and away, the packet will still 
follow a roundabout route, even though a routing header is used. Hi is i 
s because since the access router is away, the packet forwarded to the h 
ome-address of the access router will be routed to the home domain of th 
e access router. The home agent of the access router will intercept the 

packet, and forward it to access router at the care-of -address of the a 
ccess router. 



aJiE#2 003-3102464 



^ #M 2002-3 0 3879 



^-'7: 30/ 



It may be possible to further optimise the delivery of packets by havi 
ng the invention-enabled access router send Binding Update to the invent 
ion-enabled home agent and corresponding nodes of the mobile nodes. The 
access router should also attach the home-address of its own access rou 
ter in the Binding Update if it is also invention-enabled. In order not 
to incur significant latency when the access router moves (if it is mob 
ile), any invention-enabled mobile node should maintain a list of other 
hosts, both home agents and corresponding nodes, that it has sent a Bind 
ing Update. This list is hereafter referred to as the Bound Hosts List. 
When a mobile node moves, it should notify the hosts on its Bound Host 
List by sending the respective hosts Binding Updates. However, to avo 
id introducing a burst of Binding Updates whenever a mobile node moves, 
there should be a small delay between subsequent transmissions of Bindin 
g Updates. 

When invention-enabled mobile nodes and access routers notify the host 
s with Binding Updates, any invention-enabled home agent or correspondin 
g nodes can then gain sufficient knowledge of the network topology aroun 
d a mobile node to optimise the delivery of packets to the mobile node. 
To do so, the algorithm depicted in Figure 2 can be used when construct 
ing routing header from the Binding Entries, as recited in claim 7. 

In the algorithm, a stack (a last- in-first-out storage structure) is u 
sed to aid the construction of the routing header. In the step marked w 
ith literal 201, the stack is initialised to be empty. In addition, two 

tanporary variables src and dst are set to the source (i.e. the home ag 
ent or corresponding node sending the packet) and destination addresses 
(i.e. the home-address of the mobile node) of the packet respectively, a 
s shown in the step marked with literal 202. The algorithm then enters 
a loop of steps marked with literals 203 through 209. In the loop, the 
Binding Entries is searched for an entry with the home-address field equ 
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al to the value stored in dst. If none is found, the loop exits, as sho 
ym in the steps marked with literals 203 and 204. On the other hand, wh 
en an entry is found, the value in dst is checked to see if it is the ho 
me-address of the mobile node (which should be true only once at the fir 
St iteration of the loop). If so, the value in dst is pushed onto the s 
tack, as shown in the steps marked with literals 204, 205, and 206. 

The algorithm next updates the value in dst to store the care-of-addre 
ss field in the binding entry found, as shown in the step marked with li 
teral 207. The access^router-address field of the binding entry is then 
checked to see if it contains a valid address. If so, the loop is reit 
erated, as shown in the steps marked with literals 208 and 209. In the 
step 209, the content of the dst field is also pushed onto the stack. I 
f the access-router-field is invalid, the loop is exited. Once out of t 
he loop, the contents in the stack is popped out in reverse order and ap 
pended to the routing header, as shown in the steps marked in literal 21 
0 and 211. Once the stack is emptied, the destination field of the pack 
et is set to the value stored in dst and the algorithm finishes, as show 
n in the step marked with literal 212. 

While the routing header so constructed can optimise the routing of a 
packet delivered to the mobile node, it also introduces certain security 
threats. The most notable threat is that an attacker can construct a s 
pecific routing header such that packets will be reflected from a node i 
n a mobile network, so that the attacker can reach some parts of the glo 
bal data communications network that are otherwise inaccessible. To avo 
id such a security breach, any invention-enabled mobile nodes should fol 
low the algorithms depicted in Figures 3 and 4 to discard any packets th 
at are suspected to be bogus. 

The algorithm illustrated in Figure 3 is used by an invention-enabled 
router. When a packet is intercepted by the router, the router first ch 
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ecks if the destination address equals to its home-address or its care-o 
f-address, as shown in the steps marked with literals 301 and 303. If t 
he destination address equals to the home-address, the packet is consume 
d, as shown in the step marked with literal 302. If the destination add 
ress equals to the care-of-address, the presence of a routing header is 
checked, as shown in the step marked with literal 304. If the destinati 
on address is neither the home-address nor care-of-address, it is checke 
d if it is a valid address in the local network attached to the router, 
as shown in the step marked with literal 305. If it is, the packet is f 
orwarded to its destination, as shown in the step marked with literal 31 
1. Otherwise, the packet is discarded, as shown in the step marked with 
literal 310. 

In the step marked with literal 304, the presence of the routing heade 
r is checked. If none is present, the packet is discarded, as shown in 
the step marked with literal 310. Should a routing header exist, it is 
checked if the next address in the routing header is the last entry. If 
not, the entry is swapped with the destination address of the packet, a 
nd the destination address is again checked if it is a valid address in 
the local network attached to the router, as shown in the steps marked w 
ith literals 306, 307, 305. If the next address in the router header is 
the last entry, this last entry is checked to see if it is the home-add 
ress of the router, as shown in the steps marked with literals 306 and 3 
08. If it is the home-address, the packet is consumed, as shown in the 
step marked with literal 309. Else, the packet is discarded, as shown i 
n the step marked with literal 310. 

For a mobile host (i.e. a mobile node that is not functioning as a rou 
ter), the algorithm shown in Figure 4 is used. First, in the step marke 
d with literal 401, the destination address is checked to see if it is t 
he home-address of the mobile node. If yes, the packet is consumed, as 
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shown in the step marked with literal 406. Else, the destination addres 
s is checked to see if it is the care-of-address of the mobile node, as 
shown in the step marked with literal 402. If it is not, the packet is 
discarded, as shown in the step marked with literal 407. On the other h 
and, if the destination address equals the care-of-address of the mobile 
node, the presence of a routing header is checked. In addition, the ro 
uting header must contain only one remaining entry, and that entry must 
be the home-address of the mobile node, as shown in the series of verifi 
cation steps marked with literal 403, 404, and 405. The packet is disca 
rded if any of these tests fails, as shown in the step marked with liter 
al 407. If all the tests pass, the packet is consumed as shown in the s 
tep marked with literal 406. 

The above description fully explains how a packet can be delivered to 
the mobile node without going through the home agents of the mobile node 
and access router (s), thereby reducing delivery latency. The next part 
of the disclosure focuses on the packets sent from the mobile node. On 
e point to note here is that when an away mobile node sends a packet, it 
usually uses its care-of-address as the source of the packet. This is 
done because in a lot of packet-switched network that is deployed, ingre 
ss filtering is used for security reasons. Ingress filtering refers to 
the discarding of packets going out of a local network because the disca 
rded packets have source addresses that are topological ly incompatible w 
ith the addresses used in the said local network. When an away mobile n 
ode uses its home-address as the source address to send a packet from wi 
thin a foreign domain, the packet may be discarded due to ingress filter 
ing. Thus, to avoid ingress filtering, the care-of-address (which is to 
pologically con5)atible with the addresses used in the foreign domain) is 
used as the source address. To help the recipient identify the origina 
tor of the packet, the away mobile node will include its home-address in 
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the header of the packet. Hence, in summary, whenever an away mobile 
node sends a packet, it marks the source address of the packet with its 
care-of -address, and inserts its home-address as extra information in th 
e packet header. 

mien the mobile node is aware that its access router is invent ion-enab 
led, it can choose to allow the access router to forward the packet it s 
ent directly to the destination, without going throu^ the packet tunnel 
ling between the access router and the home agent of the access router. 
With reference to claim 8, this can be done by inserting a signal into 
the packet header. This signal can be of any form, such as a bit or a p 
articular pattern of bit stream. The presence of such a signal indicate 
s to an invention-enabled router that the sender of the packet is reques 
. ting the router to attempt to forward the packet directly to the destina 
tion without using any packet tunneling or encapsulation technology. He 
reafter in the document, this signal is referred to as the "direct-forwa 
rding-request". With reference to claim 9, an intermediate router can i 
nvalidate the direct-forwarding-request signal when it does not wish sub 
sequent routers to attanpt to forward the packet directly to the destina 
tion without using any packet tunnelling or encapsulation technology. 
When an invention-enabled mobile router intercepts this packet and notic 
es that the packet is specially marked with a direct-forwarding-request, 

it checks if the source address of the packet is a valid address from i 
ts local network. If it does not, this means that there exist at least 
one intermediate network element between the originator of this packet a 
nd the router itself that is not invention-enabled. In this case the ro 
uter cannot perform direct forwarding. Next, it checks if it has a bind 
ing update with the specified destination. If so, it changes the source 

address to its care-of-address and sends the packet to the destination. 
For any other case, the packet is encapsulated and tunnelled to the ho 



ffliE#2 003-3102464 



#M 2002-303879 ^ -^^^^ 35/ 

me agent of the mobile router, where it is de-capsulated and delivered t 

0 the actual destination. This, of-course assumes that the mobile rout 
er itself is away from home. If it is at home, there is no need to chec 
k for direct-forwarding-request. Any packet it intercepts from its loca 

1 network is by default forwarded to the destination without the need to 
tunnel the packet to a home agent. 

With reference to claim 10, this is illustrated in the block diagram s 
hown in Figure 5. When an invention-enabled mobile router that is away 
from home intercepts a packet, it first checked if the packet is marked 
with a direct-forwarding-request, as shown in the step marked with liter 
al 501. Next, the source address in the packet is verified to be a vali 
d address in the mobile router's local network, as shown in the step mar 
ked with literal 502. Finally, the specified destination is checked to 
see if the mobile router has previously sent a Binding Update, as shown 
in the step marked with literal 503. If any of the three tests is negat 
ive, the packet is forwarded to the home agent using tunnelling, as show 
n in the step marked with literal 504. Otherwise, the packet is forward 
ed directly, as shown in the step marked with literal 505. Here the inve 
nt ion-enabled mobile router will modify the packet header so that the so 
urce address will be replaced by its care-of -address. 

Since the source address of a packet is changed by routers en-route, t 
here must be a way for recipient of the packet to verify that the packet 

originated from authentic source. The inclusion of the home-address of 

the mobile node sending the packet in the packet header provides one fo 
rm of verification. However, an attacker can forge a packet and falsely 

insert the home-address information into the packet header. Thus, it i 
s of great importance for recipient to establish that the source address 

on the packet received is an authorized invention-enabled access router 

of the sender (the sender here refers to the mobile node with the speci 
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fied home-address). One way to do so is to check through the Binding En 
tries, and established the fact that the source address of a received pa 
cket is linked to the home-address inserted into the packet header. Wit 
h reference to claim 11, Figure 6 depicts an algorithm that establishes 
such a relationship. 

The algorithm shown in Figure 6 returns the Boolean value TRUE when a 
relationship can be established, and returns the Boolean value FALSE oth 
erwise. When the algorithm first starts, a variable temp is first initi 
alised to store the home-address specified in the packet header, as show 
n in the step marked with literal 601. The algorithm then enters a loop 
(marked with literals 602 through 607) to scan through the Binding Entr 
ies. First, the value in temp is check against the source address of th 
e packet. If they are equal, the algorithm returns TRUE, as shown in th 
e step marked with literal 602. Else, an entry in the Binding Entries w 
ith a home-address field equal to the value stored in teasp is searched f 
or, as shown in the step marked with literal 603. If none is found, the 
algorithm returns FALSE, as shown in the step marked with literal 604. 
If one such entry is found, the source address of the packet is compare 
d against the care-of-address field in the entry foimd, as shown in the 
step marked with literal 605. If the two are identical, a relationship 
is established and the algorithm returns TRUE. Else, the access-router- 
address field of the entry found is checked if it contains a valid entry 
, as shown in the step marked with literal 606. If the access-router-ad 
dress field is invalid, the algorithm returns FALSE. Else, the address 
in the access-router-address field is stored in temp, and the loop is re 
iterated, as shown in the step marked with literal 607. 

With reference to claim 18, a basic invention-enabled node needs to im 
plement the Binding Entries, and the algorithm that updates the Binding 
Entries as shown in Figure 1 and recited in claim 6. In addition, it sh 
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ould be able to mark a Binding Acknowledgement with a special informatio 
n that allow the recipient of the said Binding Acknowledgment to realize 
that the information on the home-address of access router in the corres 
ponding Binding Update message is accepted, as recited in claim 4. Furt 
hermore, for security concerns, the invention-enabled node needs to impl 
ement the algorithm that checks the source address of a received packet 
as described in Figure 6 and recited in claim 11. Lastly, to be able to 
optimise the delivery of packet to an invention-enabled mobile node, th 
e basic invention-enabled node needs to implement the algorithm to const 
ruct the routing header as depicted in Figure 2 and recited in claim 7. 

Hence, with reference to claims 12 and 13, an invention-enabled node, 
after a short period of time from the reception of a Binding Update mess 
age with attached information on the home-address of the access-router t 
he sender of the Binding Update message is attached to, will start to fo 
rward packets to the said sender through the specified access router. Th 
is meant that after the reception of the said Binding Update, certain pa 
ckets send out from the invention-enabled node will possess one of the f 
ol lowing feature: (1) the said packet has the source address field set t 
o the home-address of the access router, and is appended with a routing 
header containing only the care-of-address and home-address of the said 
sender of the Binding Update; or (2) the said packet has the source addr 
ess field set to the home-address of the access router, and is appended 
with a routing header containing the care-of-address of the said sender 
of the Binding Update as the first entry. 

Should the said access router has also sent a Binding Update containin 
g its care-of-address to the same invention-enabled node, the packets se 
nt out from the invention-enabled node will possess one the following fe 
atures: (1) the said packet has the source address field set to the care 
-of-address of the access router, and is appended with a routing header 
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containing only the care-of-address and home-address of the said sender 
of the Binding Update; (2) the said packet has the source address field 
set to the care-of-address of the access router, and is appended with a 
routing header containing the care-of-address of the said sender of the 
Binding Update as the first entry; or (3) the said packet is appended wi 
th a routing header containing the care-of-addresses of the said sender 
of the Binding Update and the access router, where the care-of-address o 
f the access router comes immediately before the care-of-address of the 
said sender of the Binding Update, as recited in claims 14, 15, and 16. 

For an invention-enabled mobile node, with reference to claim 19, in a 
ddition to those fimctionalities described for a basic invention-enabled 

node, the functionality to insert a direct-forwarding-request in a pack 
et. as recited in claim 8, and to insert the home-address of its access 
router in a Binding Update message, as recited in claim 1, must be imple 
mented. If the mobile node is not serving as a mobile router, the algor 

ithm to check incoming packets as illustrated in Figure 4 must also be i 
niplemented. 

With reference to claim 20, an invention-enabled mobile router will ha 
ve to inclement, on top of those specified for an invention-enabled mobi 
le node, the functionality to check packets from the local network (i.e. 

ingress interface of the said router) for a direct-forwarding-request s 
ignal, as described in Figure 5 and recited in claim 10. In addition, t 
he router has to perform security check on packets arriving from the egr 
ess interface as described in Figure 3. 

Hence, with reference to claim 17, an invention-enabled node, after re 
ceiving a packet from its ingress interface that contain a direct-forwar 
ding request signal, may forward the packet simply by changing the sourc 
e address of the said packet to its own care-of-address or home-address. 
This happens when the access router* s Bound Host List contains the hos 
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t specified in the destination field of the packet. If the specified de 
stination is not in the Bound Host List, the invention-enabled router ma 
y then send a Binding Update message to the specified destination. 

Effects of Invention 

The invention allows hosts in an internetworking of packet-switched da 
ta networks to use existing solutions of provisioning global connectivit 
y to mobile hosts and extends these solutions to provide global connect i 
vity to networks that change their points of attachment. By using the m 
ethods disclosed in this document, packets to and from roving networks c 
an be delivered to their intended destinations with minimal latency. Fu 
rthermore, by using the verification methods provided by the current inv 
ention, network elements can reduce the security threats they are expose 
d to. 

4 Brief Description of Drawings 

Figure 1: Updating the Binding Entries - This figure depicts the algo 
rithm employed by network element to update the Binding Entries when the 
said network element received a Binding Update message; 
Figure 2: Construction of a Routing Header - This figure shows the al 
gorithm employed by network hosts when constructing routing header to de 
livery a packet directly to a mobile node. The Binding Entries is used 
to recursively obtain the care-of-addresses of the mobile node and its a 
ccess routers. A stack is used to store these addresses, and when const 
ructing the routing header, the addresses can be retrieved in reverse or 
der; 

Figure 3: Security Verification by a Router - This figure" depicts the 
steps performed by a router when it intercepted a packet to be forwarde 
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d to one of the local networks attached to the router. This sequence of 
tests helps to reduce the vulnerability of the local network to securit 
y threats; 

Figure 4: Security Verification by a Mobile Node - This figure illust 
rates the checks carried out by a mobile node when it receives a packet. 

The verification process described here can reduce the vulnerability o 
f the mobile node to security threats; 

Figure 5: Handling of Direct Forwarding Request - This figure demonst 
rates the algorithm used by a router to process outgoing packets, i.e. p 
ackets send by nodes in the local network attached to the router that ar 
e addressed to other hosts on the global data communications network; 

Figure 6: Security Verification by Other Hosts - This figure depicts 
the verification process used by network hosts, be it home agents or cor 
responding nodes, to check that a packet with a specified source address 

is linked to the home-address included in the packet header through pre 
vious Binding Updates. The algorithm shown in the figure basically scan 
s through the Binding Entries iteratively to establish a relationship be 
tween the source address and home-address. 
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1 ABSTRACT 

An invention pertaining to the provisioning of global connectivity to 
networks that change their points of attachment is disclosed in this doc 
ument. This invention provides several mechanisms and methods to be emp 
loyed in different types of nodes in an internetworking of packet-switch 
ed data communications networks. The" types of nodes are the mobile host 
s that change their points of attachment to the global data communicatio 
ns network, the mobile routers that control the egress interfaces of mov 
ing networks, and other hosts on the global data communications network 
that communicates with mobile hosts and mobile routers. These algorithm 
s and mechanisms are devised such that packets to and from moving networ 
ks can be delivered to their intended destinations with minimal delay. 
In addition, the current invention also introduces various mechanisms so 

that the security threats nodes employing methods disclosed in this inv 
ention are exposed to security threats are significantly reduced. 

2 Representative Drawings Fig. 1 
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[0 0 0 7] 

5> 7) H»o'< ^>OT-2b^o 
[0 0 0 8] 



aiSE#2 003-31024 



#02 0 0 2-3 0 3 8 7 9 ^-P : 20/ 



:i>:^'^lc>K^$tt;g,;i/-x'f ■/nh=i;i.{i. iP-in-lP> >^;V-ii-e^> W 
-A . j^-i;a.y>frcj;or#^$tt, ip-in-iPh>^;v*5i^T'^^^M;v-;v 

[0 0 0 9] 

i ^}l«v^v^;K7>•=e>'^M;^ • cio/N'^-y Mr^l^abT^ SUmP-in-IP 



I±iiE#2 003-3102464 



# M 2002-303879 



^-i; : 21/ 



[0 0 1 0] 

mw}^<o^ v\v-^ opg^o 3 #B (r>mkmu m^mM 1 3 ) r-^s 

lO 0 1 1] 

\mMm^ t J: ^ ^ i- ^ msi 

D ip-in-iPh ^^^^K^-BlffiJi^ • hv^rv^ 



aiiE#2 003-3102464 



i^m 2002-3 0 3879 ^ ^-'^ • 22/ 



[0 0 12] 

tc, ;ifLh<D)i^-^ii. ^v'J^}i^<oy'->^ •rvi-:^^^')^^-:^ ' ^^-T'^^-' 
-7-^ • ^u/tTlclB^^tLTtT Kv;^o';y^ h;6^^Mm-t^^ 

[0 0 131 



maE# 2003-3102464 



2 002-303879 ^ ^-v : 23/ 



[0 0 14] 

mm ^ Mi^-r ^tz^ <D^wci 

^ij' V 3 > 3 . 3 \zmfhfi^fzmm^mm-^fz^^ ifmi^i. ^^^^ • ^ 

^ • •^-~>'^ ^ hXti1tfc<^*tlS>' - K (correspondin 

gnode) m-r^c46<^^5&-XA*^ffl-r^o i<7)1t^*^tffl bt. - 

10 0 1 51 

10 0 1 61 

[HBJcOfipffll 

^la^ ^7 h 7 - <^ h 7 - ffiO >' ^ - "7 ^ ^r^^^i- ^ ^1^- ^ 



mSE# 2003-3 1 02464 



# m 2002-303879 



^-v : 24/ 



[0 0 17] 

o 

[0 0 181 
[0 0 191 

[0 0 2 01 



aiiE# 2003-3102464 



#M 2002-303879 ^ ^- v : 25 



[0 0 2 11 
10 0 2 2] 

ii C T i^* o - ^ 7-*- ^ ii'»ffl^<^ T -b X =lr ^ /i *e) l^^^i" ^ <^ 

2b ^ o 

[0 0 2 3] 

. r^-A.TFV;^J {i> . y-K^c#Jl9^-C^btLf^^^'^^r^-/^• 

10 0 2 4] 

-Atcv^3 (at home) J iiW^tu. ^-OWSK^ ^ -^^-^^^ ^ 

^ o 



ttiiiE# 2003-31024 



#0 2002-303879 



^-y: 26/ 



[0 0 2 51 

. ^ ^ - A . T K U^i!}mm.^.O^ < t'^ffl $ ti.^ T K V >^ t b 'i^" n V :^ ;v 
^|tLTV.;5> (away) J tm^fi. ^ > tci V h n-;V$*L 

^ o 

[0 0 2 6] 

. [^i-irVl^T. (care-of-address) J (i. UttTV^^^/NM ;V • ^ - K^^tJ 
[0 0 2 7) 

[0 0 2 8] 

• rM)S/-F (corresponding node) J \U ^/nM ;v • ^ - F:5^®#4rff oT 
[0 0 2 9] 

. ^T^-f y . T T't'- h (binding update) J li, •=&.'>M ;V • y - F 

^^(b'?-<??*-A • ji-':^:r.>bX{±^JS/-FirMtrm^t^'^^^^*fe-'>''^*> 
I). (^/nm;v • f) (om^o^itr vv7.^^mm (^--^ • ^- 

(binding) J Tb^Y^^i^fi^o 



ffiiE#2 003-3102464 



# M 2002-303879 



^-v : 27/ 



[0 0 3 01 

. [^'i^yT^y^'T^y\^y'y^>y (binding ackowledgement) J 
[0 0 3 11 

OTKVX^AtL, /N'-^ y h(7)|l-,>^.TKV7.lC, ft^0<7)>=f«^Ogm (fisrt in 
termediate destination) =&S<o ms<0%mm%. v \ '^'^^m^X T^V 

ti iW^ffXW. 8 ] ^ #R^i~^ ^ -C ^ o 
[0 0 3 21 

^ o 

[0 0 3 31 



aiiE# 2003-3102464 



2002-303879 ^-v : 28/ 



[0 0 3 4] 
[0 0 3 5] 

mkif. .ynha;v./N^-v3>6[#^#W^:5:m8]<^^?5ii-e 

^]^3l::|Bm^tL;2,J:d'SJ (1) CKO^^i/ a V^^- A • T K P-;^ • a 
ytm^^X^^^^-:^ ' y^-J^V. (2) ^:<^:^-ye/3>'<^"9--fX1r^-tl^>' 

10 0 3 61 



tiiSE#2 003-3102464 



#M2 0 0 2-3 0 3 8 7 9 ^ ^-i^: 29/ 



. ^^-/3 vti, ^/^M;vI p V 6 i^mff^xmi) icm^$tL;2>A^ vt'-t > 

KV^.:ty->3>. (2) i<7):^7'v'a><^-9-^Xt:^-rv>^^;^ • 

h\ RX>\ (3) ^>g^^^^i^$tL-CV^^Ti^"fe;^ • -'W-i5'<^^~-^ • "^^'^^ 

[0 0 3 7] 

$tt;S,iO=5^ (1) ^/M;v. 7-Kc7).i.-A . TKV;^>l:^ti'^-A - TKV 
[0 0 3 8] 



aiiE#2 003-3102464 



mm 2002-303879 



^--J : 30/ 



MoTis*). L/c::i.5oT> ^-^1 0 4. 1 0 5:5tt>'l 0 6 •r'fB^ti^^;^^ ^-C 
[0 0 3 91 

y-j;^yy^^i^-th^hi)''x%. im'J:oT. /^^yr^y^-ryfr- 

h <^^>(i^;6^'^BJ=&irtg 1 1-^ o-e^;?, yr^ y^^ - yi^y 
y Y (D^mmi^mmx ^^^^ ^j^i^mx. ^uyr^y^ -r^yi^y '^^^ > > 

ffi|iEJHF2 003-3102464 



2002-303879 ^ • 31/ 



[0 0 4 0] 

^T^t^.mWf^^^^^'^^'^^'^o ^/NM;V'y 

[0 0 4 1] 

^>U TiJ'-t:^ • ^V-^S:t7&«S16'5TI^-e^tL-CV>;5> (away) ^'^icti> 
;v-7-^ >^ • ^'^^*^^^ffl^^'^'^>> tr/N'^-y ^^i?tla^)<^-'^- 

[0 0 4 2] 

^ys.^>K-*>^h • 1; >^ h (Bound Hosts List) fcH^^^i i: IrCi-t^o - 



thliE# 2003-3102464 



#02 002-303879 



32/ 



[0 0 4 3] 

ic, ,^y{-y^^y^':^y\'^)ii-^h(r>}\/-'r^^y^'^-y^'^^^'^^^^^^^ 
12 2 T ;v X A ^itffli- * i t *^tfe-e^ ^ o 

[0 0 4 4] 

^^2 0 2T'ia$tL^;^x';'7°T'^$tt;s, j:9i^> 2^<D-nmnm3tcB.mst 

. TKV;^) (D^^^fi^z-n^^fy-^o ^<^m. T;V::^';XA{i. #-^2 0 3- 

-lilfc^bv^^-A . r Fwx . 7>f-;V'F=^iix.fc^>h^J*^*^-^^ A-o-f* 
0 4T-fS$«>^x'y7'-C^$tL;&i:dlc;v-7'«:mt:. -:^> JivhV^^JLo 

-ejELv^^:^;^^^^-^^-^*^) o ^(OliS:*^^/^M;v • FO^-A . T FV 
X-e^;i,i^;6^IIE.$tL/iJ^'g-. #-^2 0 4. 2 0 53^t>-2 0 6-C'fB$tL^;^T- 



tliSE# 2003-3102464 



S^m 2002-303879 



^-v : 33/ 



[0 0 4 5] 

:6qi|^$tL;g,o ;t^^^r F^';^*^^t?v^^^'a-^c^i. ^^2 o 8^iF2 o 9T' 
-^2 1 os.tJ^^2 1 i'eia^tL^;^7-'yyt?^^tt^j:dt^. ^rt^^rt^t* 

[0 0 4 61 

^•t^^Vx^f <?5#J^^^< ^iil^^^^o "^^^ 
. [0 0 4 71 

;2,*>(7)-e^;So yfi^jv-^^zx^xm^^f^^t. #^3 o i^0'3 o 3 



ffipE# 2003-3102464 



2 002-303879 



^-v: 34/ 



T'^ittttf, iff-^3 1 0T'iB$tL^;^x';'7'-e^^^'^«J^-5i^. ^-^'^^^ 

[0 0 4 81 

iVbUti/N'^^y b(^||.;^TFV^i:AtLm;t^tL-C. f^-^3 0 6> 3 0 7 

. 3 0.5tcfB$^^;^x^yye^^tL^J^^i-> ^J^.rKv:^:6^ 

0 6 ^stuf 3 0 8 -eia$ tL^ X 7- ^7 y-e^ $ tts i ^ tc. c <^ftm<^ j^- > v 

[0 0 4 91 



{iifE# 2003-3102464 



I#M2 002-303879 



^-v: 35/ 



o ^loic. t^^4 0 3> 4 0 425:tJ'^4 0 ^•^^.^^^-'^(OmnT.'T Vf-^T^^ 

> > ti^^^^ • y-K<^'i^~A • rYv:^(r>\t-f'^h^o ^f-^4 o 7-eiB^ 

[0 0 5 0] 

tlio-C. K^S® (delivery latency) 1rM^^$^i:'CV^;6o ^(rCgi^^ tt^^IS 
y |.y_^-e(i. ^Vj^'V^^. . 7>f;V^';>i5^ (ingress filtering) /{(^-fe^-:^ 



tiiiiE#2 003-3102464 



2002-303879 ^ ^^^^ • 36/ 



y^)v^v>^^mmt^tii>^^-^ %iirv'U7. (•7:t-u>" K^^>i*i-ei^ 

[0 0 5 1] 

-A . iKTJPd^-e/N-'^'y h^^h^/^i; >i^-r^^i:=5:<. • 

ff)j^^lt nt^^K^^^ (direct-forwarding-request) J fcHf-^C ^ l^i"^o 



aiiE#2 0 0 3-3102464 



2002-3 03879 ^ ^-'^ • 37 



Vh-em^^^'-bMI: (decapusulated) $tfC. ^|^OB6?lSfetC@a^$tL^o 

i o T a fi^flb ic^an ^ o 

10 0 5 2] 

tt;g>o-^. -e^-^'S^tttttf. ^f-^5 0 5-eiB$tL^;^-7->77^-e^^tL;2.j:di:i 

[0 0 5 3] 



mfE# 2003-31024 



#0 2002-303879 



^--J : 38/ 



[0 0 5 41 

0 2-6 0 7-cf5$tt^;v-"/) KXho ma\z. t&ss^(D^(r>m^^-^'r 

0 2-e|B$tt;5>>^7^y7-C^$tv^J:9l^> T^vrrfijXAli'mUE^TSU ^f^h 
;&s^L<'&v^J^'g-lC{±. 0 3'e|B$tt;|);^T y"/t?^$^^^^ temp 

. y^~)VV^t&M^f^^o ■e<^2O76S|^-0^^. Hl^limiE^tLTTJVrf'; 

003-310246 '4 



002-303879 



: 39/ 



[0 0 5 51 

J?) <0 r ;v V X A lljfet* ^ 'jet^^^* ^ o 
10 0 5 6] 

m^^\ 2:s.t>n sicM^L-c. ^?l^^tg^:i-^^-^'fi^ ^^^^^^^ 



UiiE#2 003-3102464 



2 0 0 2-3 0 3 8 7 9 ^ --^-v : 40/ 



10 0 5 7] 

<?5J^o^-t,<^io^#o-cv>^ : (1) m^o^-^^yVit. r^^7s')v-9 
fi^t■S:•^^w>i>;^-X'^ • ^y ^-hm^h^x^^^^is-. (2) m^<^^^°^ 

(3) ^ifTiEO/^^ '7 h t±. ;%y[yTAyy 'rv^T-\lk'C?r^'<^ 

[0 0 5 81 



ffiiE#2 003-3102464 



0 0 2-3 0 3 8 7 9 ^ ^-v^ : 41/ 



e 



[0 0 5 9] 

t>*,. n^(0)\^-^(0]HU^yy'7-'^'^^^-'^-'^'^'^^ (ingress interfac 

;i'-iJ'(±. |lI3l'^$tL;i> j:^'5^n^^«;^ >7-^ffl!l-r>^-"7:c^;^ (egress 
interface) H^hnm-f^^^'ryyKmX^X. -t^^^Jx-f .^a.^y^^^^TL 

[0 0 6 0] 
[0 0 6 1] 



{HiE#2 003-3102464 



2002-303879 ^ ^-i^ 42/ 



[laii 

[1112] 

lias] 

[1114] 
[HIS] 



2003-3102464 



#1M2 0 0 2-3 0 3 8 7 9 ^ ^-v^ : 43/E 



.-s.y^ic'^ttt;?,^-^ . TKv;^^c1;>^$tt^^i:^^^'^^i■^^-*^^- 



mSE#2 003-3102464 



S^m 2002-303879 



1/ 



mi} 



101 




103 



106 




■ta^^ — I 



110 



tfciliE#2 003-3102464 



#M 2002-303879 



2/ 



[112] 



201 



202 




203 





T 



aigE# 2003-3102464 



[HI 




3/ 



ffigE#2 003-3102464 



[[114] 




4/ 



tliiE^2 003-3102464 





aiSE#2 003-3102464 




miE#2 003-3102464 



^rtf®2 0 0 2-3 0 3 8 7 9 ^ y^-V". 1/E 



{iiiE#2 003-3102464 



^^m2 002-303879 



1/E 



#® 2002-303879 
50201920283 

f^-tUMl-m 0 0 9 6 

ifj^l 4^12^2 4 0 



sp^l4d^l2^ 18 H 



miE#2 0 0 3 



-3102464 



#®2 002-303879 

m 0 A m M if # 

mglJ## [0 0 0 0 0 5 8 2 1] 

1 . ^m^^ a- 1990^ 8^280 

fmrtT:^#^fm 1 0 0 6 



